Mapping User Access: Is Necessity the Mother of Quest's Invention?

Here's the challenge with Active Directory (AD) and permissions: It's hard to know where someone was granted access. And if your company has merged with or acquired another, the potential for security problems increases as you go through the inevitable migration. Quest Access Manager, recently announced by Quest Software, is designed to map user access across the enterprise in real time. Given that Quest has acquired numerous companies over the years, and, one supposes, experienced the subsequent pain of migration and access control firsthand, if Access Manager didn't arise out of real-life necessity, it certainly could have.

"It's the most simple app that Quest has produced," says Bob Bobel, senior manager at Quest Software, "Yet it has the most stunning results." Quest Access Manager provides a single point for viewing and managing user and group access across the enterprise and enforcing access policies. "We created a technology that will pre-index where people have access—in a matter of moments it will filter where they don't have access and present a list of where they do." Bobel says the breakthrough point for envisioning the technology was when the realization hit that "modern networks are similar to libraries. Do you use a public library by walking through the stacks? Or using a card catalog?"

Using a security agent, a small index is created in the background. The index list is posted to a central index, which is maintained in real time. An initial scan runs for 10 to 15 minutes, then scans are done incrementally. The index is housed on SQL Server, and SQL Server 2005 Express is shipped with the product. Quest Access Manager supports AD on Windows Server 2008 and Windows Server 2003; the client agents run on Windows Vista and Windows XP.

Although the name might sound familiar, the product is not a former NetPro product. "It comes from our vast migration experience," he says, referring obliquely to Quest's acquisition of numerous companies over the years. "Security is vulnerable during a migration."

The architecture will support agents on other systems, so subsequent releases are expected to include support for non-Microsoft systems. "You'll know where people have access not just on Windows but on Linux and UNIX. Combine it with Quest Authentication Services and you've moved into a realm where no one else can go."